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Editorial 


P.L. 86-36 


At my bank, having direct mail deposit 
qualifies me for certain privileges, but when 
I applied for them, I was told I was NOT a 
"direct mail depositor." I disagreed; my pay- 
check is sent directly to them, and has been 
for some time. Then, I discovered the key: my 
account is joint with my wife, and the com¬ 
puter lists her name FIRST. So when they 
retrieve data about MY accounts.... 


Some years ago, when I dabbled in real 
estate, I had several fat listing books, and 
kept them in order by area, price, and number 
of bedrooms. The listings were typed, and 
often contained errors. Some were easy to 
spot. If the tax district or the number of 
bedrooms was wrong, it was easy to make a pen¬ 
cil change on ray copy and move the listing to 
the right place in the books. 


I notice that real estate agents are compu¬ 
terized these days. They go to a terminal, 
key in a price range, number of bedrooms, geo¬ 
graphic area, etc., and out comes a string of 
listings. Who makes the corrections? I doubt 
that anyone does. It wouldn't surprise me to 
hear that some real estate people "hide" new 
listings, when submitting them to "Multiple 
List" data bases, by putting typos into key 
data fields, to give their own agents "the 
first shot" at a new listing. Between 
accidental and intentional typos, I wonder how 
much of the existing data actually gets to the 
requestor. 


Please don't write in and tell me about 
good programming practices. That's not my 
point. Both we and our targets are coming to 
rely more and more upon data retrieval for our 
information. Anybody who can read and type 
can call up data on most of these systems, but 
only the more innovative people will be able 
to squeeze out of the system the "hidden" 
data. Knowing how to do this could depend 
upon understanding how people behave when they 
use a data base, and also how the data base 
itself really works. It could, in fact, 
become a new cryptologic skill field. 
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ake up, Jim. The briefing's over.” The fallacy of using briefings to bring 

people "up to speed" is that briefings are not 
"Huh, what did you say? Oh, I guess a good medium for the presentation of a lot of 

I must have drifted off. Sure is objective, factual data. They are, however, 

hard to stay awake in a dark brief- an excellent medium for affecting people's 

ing room after lunch. Say, Fred, did you get attitudes and emotions. In our society we 

copies of that guy's slides for me to read have so thoroughly suppressed our emotions 

back in the office so I can find out what Pro- (e.g.f "Grown men don't cry") that we would 
ject RATTLECAN is all about?" tend to deny that we are even subject to a 

play on our emotions, especially in some 
Does this exchange sound familiar? If not, intellectual palace like the National Security 

then this article is not really for you. Agency. Unfortunately, this leaves us 

(Keep on reading though; you might learn some- extremely vulnerable to approaches from a 

thing that will be useful later.) But if you nonintellectual angle and the briefer who dis- 

are one of those who have been bored to sleep covers this vulnerability, either by accident 

on numerous occasions as some well-meaning or as an active intellectual discovery, can 

project officer or analyst read an endless use this approach to produce consistently 

succession of slides to you, perhaps this "good briefs." This is a fact long known to 

article will contain some thoughts that may Madison Avenue and it is equally true here at 

help you avoid inflicting similar boredom on the Agency. 

others. It may even make your briefings more 
effective. 

When you have had a good briefing, what are 
One of the most basic causes of poor brief- the things that you most readily recall? In 

ings here at NSA (and elsewhere as well, I am all likelihood it will include items such as 

sure) is the mistaken view that briefings are the command and presence of the briefer and 

a good, concise way to transfer information to the quality of the graphics. You will 

people. Absolutely nothing could be further remember the organization that sponsored the 

from the truth. Yet we constantly use brief- briefing and those memories will be of a com¬ 
ings to "bring people up to speed" on a wide patent and professional outfit. You will know 

range of detailed and complex topics. The that the topic briefed is: 

subtle deceit of briefings is particularly 

interesting when someone has received a "Good [] very grave; 
brief!" from his audience. Just ask the 

briefee afterwards how many tanks the Zendian [] requires immediate action by your organi- 
Army has, or how many communications circuits zation; 

are at Field Station Xapa, or some other 

detailed question on the topic and most likely [] is in competent hands; or 
yoq will get some answer like "Well, I don't 

recall exactly, but I'll call Tommy Talker who [] needs more resources in the out years, 
briefed me on it and he'll have the answer," 

In this case Mr. Briefee may not have the But you will not recall specifically why you 

facts but he did get the message. have those feelings. 
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All this havinq been said, then, how can we 
use this knowledge in building a "good brief"? 
The most basic step is to decide what emo¬ 
tional message, feeling, or attitude you want 
to inculcate in the listener. Generally, the 
attitude or emotion will be one favorable to 
the topic and organization presenting the 
brief. For instance, a project officer will 
generally want to leave listeners impressed 
with the importance of the project so that 
future requests for support will be favorably 
endorsed. In short, although briefings are 
generally thought of as being informational, 
most briefings are sales pitches. Once the 
basic message of the briefing is established, 
all other work should support that message. 


In briefing there is no substitute for the 
competent briefer, a person who speaks with 
all the self-assurance of a Nobel Laureate but 
who at the same time compliments and involves 
the listeners; one who does not preach to 
them. For some people these qualities are 
natural, but for most they can be acquired. 
The secret is lots of practice and the 
knowledge that you know more about your topics 
than your listener. 


Armed with this confidence, the briefer 
should never use a script. If you know what 
you are talking about, you don't need a 
script. If you don't know what you're talking 
about, you shouldn't be briefing. Bishop Ful¬ 
ton Sheen never used any notes on his very 
successful TV show during the 1950s. When 
asked about this once, he cited a remark he 
had heard as a child. An old woman walking 
out of church was complaining because the 
bishop had read his sermon from notes. Her 
question, which impressed Sheen, was "How the 
devil can he expect us to remember what he's 
saying when he can't remember it himselT?" 


Freedom from the script allows the briefer 
to give the appearance of being extemporaneous 
as he or she responds to the quips, comments, 
and questions of the briefee(s-). It also per¬ 
mits the briefer to tailor the brief readily 
to the background and interest of the 
listener. Finally, the freedom from the 
script allows the briefer to establish a pace 
or rhythm for the briefing that enhances the 
authority and assurance of the presentation. 


With the script eliminated, the only tangi¬ 
ble form left to the briefing is the graphics. 
These are as critical as the presence of the 
briefer and, in fact, can often make the 
briefer seem more professional and the brief¬ 
ing come across better. In the choice of 
graphics it is especially important to keep in 
mind the emotional appeal of the brief. The 
Chinese writer who said that one picture was 
worth a thousand words knew what he was talk¬ 
ing about, and the proper choice of graphics 
can save a lot of talk and questions. 

For example, consider the graphics in Fig¬ 
ures 1 and 2. "Zendian Army Power" (Figure 1) 
is just a compilation of numbers. The briefee 
will read it rather than listen to the 
briefer—and you'd better hope that the 
briefee doesn't have some spurious knowledge 
or he might make some comment like "I thought 
the Zendians had Type Q tanks instead of Type 
Ys." This sort of question could well be 
enough to throw an inexperienced briefer off 
pace or, worse yet, lead to intellectual ques¬ 
tioning of every statement. 

Figure 1 has has yet another critical flaw: 
In column 1 the numbers don't add up to the 
total shown. If the listener notices this, 
he/she will spend the rest of the briefing 
adding up any numbers that appear, looking for 
other errors. 


FIGURE 1: ZENDIAN ARMY POWER 



TROOPS 

TANKS 

HEAVY ARTY 

MED ARTY 

APC 

HELOS 

I CORPS 

ic 

55,000 

250 

200 

500 

600 

45 

III CORPS 

58,000 

300 

212 

550 

600 

43 

rv CORPS 

61 ,000 

312 

220 

560 

500 

48 

V CORPS 

58,000 

270 

220 

550 

550 

45 

ABN CORPS 

25,000 

** 

— 

200 

— 

350 

TOTAL 

247,000 

1132 

632 

2360 

2250 

531 


* There are no units in the Zendian Armed Forces with the designator 
2 or II because the Zendians consider this number bad luck. 

** There are no tanks per se in the Airborne Corps but there are 

approximately 200 of the so-called "Y-type tanks" that are in reality 
a lightweight high-speed tracked anti-tank gun. 
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Figures 2 and 3 (previous page) are good 
examples of effective graphics. Both of them 
evoke a strong emotional response. In fact, 
either of these pictures could well move the 
listener to a rendition of war stories about 
when he/she drove tanks, rode in helicopters, 
or had some related experience. This will 
imbue feelings of camaraderie between the 
briefer and briefee that will make the briefee 
much more amenable to the briefer's message. 


These two pictures have some other practi¬ 
cal advantages: 

[] they will serve to cue the briefer; 

[] they will not limit the remarks the 
briefer may wish to make 

[] they don't contain the intellectual snags 
that are found in Figure 1; and 

[] perhaps best of all, they will not have 
to be changed or updated unless the Zendi- 
ans get rid of that tank or helicopter. 

(When using slides like this, however, make 
certain that it is really a picture of what 
you say it is or it will be almost as bad as 
having numbers that don't add up.) 


By concentrating on influencing emotions or 
feelings, we do not ignore the facts. We just 
use them in a different manner. Rather than 
being sort of inert things, the facts that we 
have to use are woven into the fabric of the 
brief in a way that supports the basic mes¬ 
sage. One way to do this is with "amazing 
facts." We all have a store of "amazing 
facts" but probably don't realize it. For 
example, the fact that the Zendian Navy has 89 
operational submarines will probably mean very 
little to anyone but an avid naval buff, but 
the same fact cast in a different context 
becomes an "amazing fact": "The Zendian Navy 
has the largest submarine force in the third 
world!" Bar, pie, and line charts are all 
effective ways of presenting amazing facts 
such as this. 


While you never want to read your slides to 
your listeners, there are times when you may 
want to let your listeners read the slides 
themselves. This provides a change of pace 
for both briefer and briefee. It's a quick 
way to slip over what otherwise may be a long 
narrative and it involves the briefee in the 
briefing process more actively. Such graphics 
should never be long textual passages. The 
proper form is short "bullets," ideally only 
one or two words each- (See Figure 4.) 


UNITARY PLANNING 
I&W EMPHASIS 

SURVIVABLE COMMUNICATIONS 
COMPUTER INTEROPERABILITY 
PRODUCTION ENHANCEMENT 
COMBINED WORKFORCE 

Figure 4 

The briefer can introduce this type of graphic 
with some line such as "These are the charac¬ 
teristics of ..." (whatever the subject is). 
The briefer should watch the faces of his 
audience and move on to the next graphic as 
soon as the the expressions of the listeners 
show that they have read the graphic. 


In summary, the key to effective briefing 
is to remember that briefings should be used 
to form attitudes or affect emotions, not only 
to transfer objective facts. The effective 
brief should have one central underlying atti- 
tudinal or emotional message that it is 
attempting to deliver and all aspects of the 
briefing must support this. The briefer 
should not use a script and the graphics 
should be simple and chosen with an eye to 
their emotional impact. Facts used in the 
briefing are much more effective when placed 
in some sort of comparative context. Slides 
to be read should be read by the briefee not 
the briefer. 


Good luck! Good brief! 


"Epilogue" 


In closing, I believe it is necessary to 
comment on the ethics of briefing. It is evi¬ 
dent that, armed with information about the 
weakness of our psyche, an unprincipled 
bureaucrat can take considerable advantage of 
his or her colleagues. At present the only 
sure counter to this is the individual 
integrity of the briefing organization which 
must use its power only for pure motives. 
Unfortunately, a full discussion of the ethics 
of briefing is beyond the scope of this arti¬ 
cle, but perhaps some reader may feel an urge 
to expand on that topic. 
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MORE ABOUT 
PASSWORDS (U) 


(>13 


86^36 



A USER VIEWPOINT 


The pass word controversy continues. On the 
one hand, I 1 and others have 
stressed the need for greater security to 
avoi d potential compr omise. On the other 
hand ,| \ ^nd others have made a 
strong case tor snort, easy-to-type and memor¬ 
able passwords to avoid needless errors and 
frustration on the part of the user. I am in 
sympa thy with both causes, although I 
violently object to | I closing para¬ 
graph (CRYPTOLOG, Mar 83, p. 38): he states 
that an easily remembered password is easy to 
type regardless of length, and that he doubts 
that a non-typist (i.e., one who does NOT find 
a long, memorable password easy to type) will 
use a terminal for very long. I would argue 
just the opposite. The probability of error 
rises progressively with each additional char¬ 
acter added to the password, especially since 
characters are not being echoed on the screen. 
Also, my personal observation has been that 
the majority of non-secretarial users— 
linguists, programmers, and managers among 
them—are in fact either non-typists or poor- 
to-fair typists, myself included; yet terminal 
usage among these groups is increasing rather 
than decreasing, as more and more people 
become aware of the advantages which a com¬ 
puter terminal can provide to the professional 
user. 

Having said this, let me state that I think 
the problem is easily solvable in a manner 
which should satisfy both viewpoints. Instead 
of viewing the problem theoretically—short 
passwords are good, but breakable; large 
alphabets, pass phrases, and "passcodes" are 
good, but will result in higher error rates— 
we should take the Agency environment into 
account. Many Agency computer systems have a 
feature which automatically "kicks out" anyone 
who unsuccessfully tries a user ID-password 
combination three or four times in a row. 
Those which do not can be easily modified to 
allow this capability. If the office security 


manager is alerted to terminals on which three 
unsuccessful ID-password combinations have 
been tried, I doubt very much that a hostile 
entity would have any success in breaking even 
a five- or six-letter, single-case, mnemonic 
password before being apprehended. At the 
same time, a poor typist gets several chances 
at entering the combination correctly before 
setting off the alarm. This system thus pro¬ 
vides the best of both worlds: a user-friendly 
password environment which is, for all intents 
and purposes, immune to exploitation. 


P.S. A challenge to all UNIX users; how 
many of you ca n type "Low f lying bees eat wax 
beans" (to use | | exampie of a pass 
phrase) and get it right the first time? It*s 
easy to find out: set terminal type to STTY 
-ECHO ; type in the phrase enclosed in single 
quotes, i.e., *Low flying bees eat wax beans* 
and hit <EIETURN>. A system message will 
appear as follows: 

flying bees eat wax beans: not found 
(or whatever you REALLY typed) 

After you're done experimenting, STTY ECHO 
will make your characters visible again. (At 
an informal testing in the KEPLER laboratory, 
I got the phrase right 3 out of 7 timesj how¬ 
ever, I fall under the "non-typist" category.) 


THREE GOOFS AND YOU'RE OUT 

On [the system I use], a user signs on with 
user initials and then is required to type in 
a password. If the person "fails," they may 
try again and again and again.... To prevent 
exhaustive searches, why not flag to the sySr 
terns operator any console that tries say three 
times? Or lock that terminal out? 


P.L. 86-1 
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PASSWORDS: FRIEND OR FOE? 

Speaking of passwords, what is an accept¬ 
able balance between security and convenience? 
I have found what I believe to be a rather 
comfortable and simple solution (but then I'm 
sure SOMEONE will disagree). I simply choose 
a word...such as walnut, then alter or mispell 
it (walllnut, wawlnut...etc.)• Not enough to 
make it difficult to remember, but definitely 
making it more secure and harder to guess. 


MORE ON PASSWORDS AND HUMAN FACTORS 
(from COMPSECNEWS, June 1983) 

One of the frequently heard complaints from 
persons who changed to more clever passwords 
containing special symbols or mixtures of 
upper and lower case, was that when bringing 
some of the terminals up cold, and prior to 
loading the terminal emulator, they could not 
login. True that each keycap may not send the 
same character before an emulator load as it 
will after, but when those infrequent occa¬ 
sions arise, you can still prpbably login if 
you only knew what keys to press. For exam¬ 
ple, one system I know of uses the "back tab" 
key to produce the "/" prior to emulator load. 
Obviously an inconvenience, but most users do 
not regularly have to perform initial terminal 
loads. 

Other systems that I have seen have 
accounts called "LOAD." These accounts do not 
require the person who logs in to enter a 
password, only to choose a desired emulator. 
After the selected emulator is loaded, the 
real user login is then required. If your 
system does not have this feature, complain to 
the system Guru. Incidentally, notice that an 
emulator load is all that the "LOAD" account 
can do. 

Another comment had to do with the login-id 
being secret. The suggestion centered around 
doing away with initials as the login-id, and 
using a secret account name in addition to a 
secret password. Maybe a useful idea, but one 
point missed by this comment was that the 
current login algorithm used on most of the 
systems does not reveal what is wrong when the 
login fails. For example, notice of login 
failure only appears after the id and the 
password has already been given. Another 
problem with this suggestion is we already 
have a requirement to identify individual use 
of sensitive computers. Work is currently 
underway to assign each and every user of our 
computer systems a unique id that will be the 
same regardless of which computer system is 
used. The adopted format will follow first 
two initials followed by the first five 


letters of the last name. A central registry 
is being established to resolve conflicts. 

I h jairie 1983) . P • L ■ 

Keep your comments coming! In particular, 

I would like to see more comments from users 
about the consequences for them of various 
access restrictions, password procedures, etc. 

How have some practices on the systems YOU use 
hindered or helped YOU in your work? I know 
that it is fun for a lot of you ingenious peo¬ 
ple Otit there to think up new password schemes P . L . 
and gimmicks, but the computer security 
experts are pretty inventive and ingenious 
too. What they need, more than new techniques 
and ideas, is some clear feedback from users 
about the COSTS and BENEFITS of different 
kinds of procedures currently in use. If they 
get a clear indication from users that certain 
methods of implementing access restrictions 
impose a relatively high cost on users, they 
will be motivated to use their ingenuity to 
find other and better methods that are just as 
secure but less costly to the user. I was 
interested to note, in the COMPSECNEWS itern 
above, the assumptions that 

1) users rarely had to load terminals "cold"; 
and 

2) coping with keys that send different char¬ 
acters before and after emulator loading 
constituted a minor inconvenience at most. 

What do you think about those assumptions? 

As a hunt-and-peck typist, I find odd-ball 
special characters are a MAJOR stumbling 
block, even when the keycaps agree with the 
character that gets sent. Even the shift key 
and "CTRL" key are frequent error-makers for 
me. Also, my impression is that users have to 
down-line-load Delta Data terminals more fre¬ 
quently, at least for some systems, than the 
COMPSECNEWS editor assumes. In fact, if I had 
to cope with that problem, even having to load 
a terminal once a week would be far too often 
for me! The "LOAD" account mentioned in the 
article seems to me a much more promising and 
user-friendly approach than "if you only knew 
which key to press." 

For a programmer, or someone thoroughly 
familiar with the terminal and software, 
perhaps keys that send different odd-ball sets 
of characters at different times may present 
only a minor annoyance; in fact, computer folk 
seem to thrive on and positively welcome such 
problems. Most others, however, are very 
un1ikely to agree with them. Computer spe- 
cialists, and computer security specialists in 
particular, need to be reminded that situa¬ 
tions constituting brief nuisances or even 
amusing challenges for them can be stressful 
and exasperating for other kinds of users. 

-M.E.D. 


86-3 


86-3 
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Cryptography at 
GLOBECOM 82 


P.L. 86-36 


Review: 


Digital Telephony (U) 


DES-type algorithm, using 800-bit 
vectors in place of the 48-bit vec¬ 
tors of DES, was proposed at GLOBE¬ 
COM 82 (the 1982 Global Communica- 
(U) tions Conference) for the encipher¬ 
ment of medical records* The key would be 

160.900- bits long. The Belgian author of the 
paper, Desmedt, claimed that this would pro¬ 
tect medical records during the life of the 
person concerned. In reply to a question, he 
admitted that he did not know how to keep the 

160.900- bit key Itself secure and intact for 
the 100-year period. 


(U) The Desmedt paper on super-DES was one 
of five papers on cryptography presented at 
GLOBECCM 82 in December. In addition, there 
were five other sessions on coding, primarily 
speech coding, which proposed reducing bit 
rates for video and voice and facsimile. 
Compression techniques and the ability to 
recover from channel errors are critical to 
the use of digital encryption techniques. 


(U) One of the surprising papers was about 
a detailed experiment with analog encryption 
at Bell Labs. Apparently low bit rate encryp¬ 
tion causes so much loss of voice quality, 
especially over low-quality lines vrtiich cannot 
support 9600-bps rates, that there Is a grow¬ 
ing demand for encryption which sends analog 
waveforms. The Bell Labs work has been done 
by computer processing, but they expect to 
develop a real-time circuit, after which their 
VLSI chip designers will examine the cost of 
single-chip analog encryption. That could 
have a revolutionary effect on secure voice 
and on cryptanalytic priorities. 


(U) Two other surprises were the sophisti¬ 
cated insight into the strengths and 
weaknesses of various public key schemes, 
especially the flaws of the Hellmann-Merkle 
algorithm, and the importance of the recent 
Racal-Milgo patent on finding large primes for 
the RSA public key algorithm. Several speak¬ 
ers stated that the RACAL-MILCK) algorithm had 
made the integration of DES and the RSA algo¬ 
rithm feasible as the basis of a switched ad 
hoc public cryptographic network. 


(U) This demonstrated Interest in the 
feasibility of the RSA algorithm as a means of 
keying DES links is more interesting in the 
light of the Inman interview ( Science , Dec 
82), which identified RSA as a secure method. 


(U) The leadoff paper by J. Michael Nye, a 
self-styled cryptographic "expert," described 
the methods and cost of intercepting telecom¬ 
munications in the US and gave a list of 26 
domestic cryptographic suppliers offering 104 
products and 13 foreign vendors offering 81 
products in the US market. The list of sup¬ 
pliers and products is growing, and the Impact 
of Personal Computer encryption is yet to be 
felt. This is a very big change from ten 
years ago, when only a few companies supplied 
cipher equipment to the US market. Most of 
the products are for fixed telephone service, 
but as the new technology of cellular radio 
develops over the next decade, the market for 
voice encryption, to protect the 900-MHz 
mobile circuits from interception will 
Increase to millions of vehicle radios. 
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(U) Cox, Jayant, and McDermott of Bell Labs 
qave a paper on a time-frequency segment per¬ 
mutation analog encryption which they believe 
is very secure against cryptanalytic attack, 
without loss of voice quality or syllable 
intelligibility. The delay for the scrambling 
and descrambling is no more than 256 to 512 
milliseconds for 16-msec speech segments. 
Each 16-msec segment, sampled at 8000 Hz to 
give 128 samples, is converted to sub-bands by 
digital filtering, and the sub-band vectors 
are then permuted. The digital vectors are 
stored in a buffer with a memory capacity up 
to 512 msec. A cryptographic keystream 
decides on the segment permutation, and also 
decides which time segment will be sent. Any 
time segment can be delayed up to 256 msec. 
The input test data were voiced digits in ran¬ 
dom order, used to avoid the redundancies of 
normal conversational speech. 


(U) The cryptographic scheme is to fill the 
buffer with 16-msec segments, then send all of 
them in some pseudorandom order until the 
buffer is transferred to the receiving end. 
Then the buffer is refilled and the scrambling 
and transmission begin on the next multi¬ 
segment block of speech. It is not clear from 
the published paper whether the segment trans¬ 
position key is the same or changes from block 
to block. 


(U) The scrambler was implemented on the 
RTL Digital Signal Processor, and tests showed 
that it gave better intelligibility than sim¬ 
ple frequency inversion scrambling. The 
scrambled signal envelope sounds like "birds 
chirping." To maintain synchronization, a 
series of pulses is sent down the channel 
whenever the scrambling buffer is reinitial¬ 
ized, and these high pitched pulses send like 
"cricket chirps" interleaved with the signal. 


(U) Although the system is described as an 
"analog" scrambler, it is clearly a 5-stage 
analog-digital process, in which most of the 
processing at each end is digital, but the 
transmitted signal is an analog waveform. It 
has been tested over the Murray Hill phone 
system, with addition of simulated white noise 
and phase roll (a channel impairment). 


(U) Because sample-to-sample fidelity is 
important to speech reconstruction, i.e., the 
sampled speech at the receiver must match the 
samples that are supplied to the digital-to- 
analog (D/A) converter at the transmitter, it 
is necessary to equalize the channel to com¬ 
pensate for channel distortions and to syn¬ 
chronize the instants of sampling at each end. 
The synchronization pulses (cricket chirps) 


are used to establish and maintain sample tim¬ 
ing and are also used for channel equalization 
(since they give the impulse response of the 
channel). 


(U) The main thrust of the designers’ work 
was to get good intelligibility. They now 
want to reduce the software algorithm to a 
hardware device, and VLSI design can follow 
from there. The audience showed substantial 
interest in this scheme. 


(U) Despite the rapid introduction of digi¬ 
tal channels, for many years to come, most of 
the world’s telephone connections will be made 
over copper circuits that will not support 
high bit rate digital speech. One of the 
driving forces behind the development of digi¬ 
tal transmission and local loops is the desire 
for high-quality secure speech. If the hybrid 
analog-digital scrambling gives good enough 
speech quality, and no particular security 
weaknesses become known, the market pressure 
to develop digital services to the 64,000-bps 
level IDN ( = Integrated Digital Network) may 
reduce (since customers won’t have to buy 
them) and this could affect an important part 
of the digitization of the telephone network. 


May 83 * CRYPTOLOG * Page 8 


EO 1.4.(c) 





OCID: 4009861 


This is undoubtedly a reflectSSn Vapid 
transborder flow of technfeai • iSi^oftfetion 
between academicians and the arrival of 
increasingly capable people into the arena of 
public cryptology. Without doubt, the techni¬ 
cal quality of the work will increase and will 
threaten SIGINT- 


(U) The particular cryptographic scheme 
that Desmedt propose is a version of DES 
in which blocks of data of 1,600 bits are 
enciphered, under the control of a 160,900-bit 
key. The S-boxes of DES are replaced by one¬ 
way knapsack functions. This revised "S box," 
instead of operating on eight bits, operates 
on 200 bits, and there are eight of them 
operating in parallel. Each of the new "S 
boxes" is initialized with 100 integers of 20 
bits, so that it contains 20,000 bits. There 
are eight "S Boxes," which use up 160,000 bits 
of the key. Because of the trapdoor function, 
even if the 160,000 bits were known and all 
the S-box outputs were known, it would still 
be very difficult to compute the 800-bit 
input. However, the 160,000-bit key is not 
known. It is kept secret. That makes it even 
harder to compute the input from the output. 
The 200-bit outputs are expanded up to 208 
bits and then hashed down to 100 bits to give 
the 800-bit output. This complicated process 
is iterated a number of times. A stream or 
block mode with this algorithm is possible. 


(U) The Desmedt paper on Super-DES began 
with a critique of existing cryptographic 
methods, interleaved with some familiar com¬ 
mentary on NSA intervention in the DES design. 
A point of interest is the statement that the 
Geneva Management Group in 1981 concluded that 
DES was not adequately secure. Desmedt argues 
that encryption algorithms that iterate the 
basic operations many times provide higher 
security than the individual operations (e.g., 
substitution, transposition) but are impracti¬ 
cal to implement on VLSI chips. He also 
argues that a DES-breaklng special machine may 
be costly today, but in 20 years could be 
cheap enough to break messages enciphered on 
DES now. He also acknowledges that no 
"shortcut" solution to DES is known. 
Hellmann's insinuation that a "trapdoor" was 
built into DES by NSA is referred to. The 
problem of public key algorithms such as the 
Merkle-Hellmann scheme is described as either 
they have known weaknesses or they may have 
unknown weaknesses- What is notable about all 
of this critique is that the authors are pro¬ 
fessors of mathematics in Belgium and they are 
very up-to-date in the state of cryptology in 
the public domain- (One of them spent 1978-79 
at UCLA, Berkeley, doing pertinent research.) 
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(U) Yiu and Peterson of Hewlett-Packard 
gave a paper on a single-chip VLSI Public Key 
algorithm. The algorithm is Hellmann's 

discrete exponential scheme using Galois Field 
arithmetic. The chip has 12,000 transistors 
and is designed for a 4-MHz clock rate. The 
Public Key algorithm would be used in conjunc¬ 
tion with DES, to distribute keys for the DES 
algorithm. The purpose of the chip design was 
to give higher speed and lower cost for 
encryption. The use of Galois Field arith¬ 
metic eliminates the need for carry or borrow 
operations, and the arithmetic operations can 
be executed by linear feedback shift regis¬ 
ters . The developers expect to use the chip 
in a computer network, but the company, 
according to Yiu, has no commitment to market 
it. 


(U) Doctor Yiu mentioned the recent Racal 
Milgo patent for finding large prime numbers 
in a few seconds as an important breakthrough 
in implementing Public Key networks. The 
patent. No. 4,351,982, claims that It reduces 
microprocessor computation time to find a set 
of 200-bit primes from 1,200 hours to two 
hours. Desmedt stated in his talk that the 
RACAL MILGO datacryptor took only 17 seconds 
to distribute key (but it was not clear that 
it would find RSA primes in that short time). 
Hollander of BTL (Bell Telephone Labs) has a 
patent application that purports to find large 
primes very quickly. The Japanese are 
developing a chip that will do RSA encryption 
at 50,000 bps. The work is a joint project of 
NTT, NEC, Hitachi, Fujitsu, and Oki. Sandia 
has developed an algorithm that will do multi¬ 
plication modulo C in log2(C) + 7 clock 
pulses, which is an improvement over the con¬ 
ventional modular multiplication, which takes 
N X N clock pulses for an N-bit modulus. The 
Sandia method would take only N + 7 clock 
pulses. It is aimed at RSA encryption using 
512-bit prime numbers. At 20-MHz clock speed 
they expect to be able to encrypt at 25 Kbp/s. 
Now that the RSA Public Key algorithm has been 
publicly identified by a former NSA Director 
as secure, there will undoubtedly be intensi¬ 
fied work to make it easier to use to set up 
DES links. The high utility of being able to 
dial up any other party and set up a secure 
link, without prior key distribution, is 


irresistible from both intellectual and mark¬ 
eting viewpoints. 

(U) A paper on the AMD' DES chip was given 
by Brown, an AMD executive. This was followed 
by some discussion of the merits of DES. Both 
Yiu and Brown felt that DES was in fact 
secure, and that the criticism that Desmedt 
and other authors had raised were not sup¬ 
ported by any facts. No one had been able to 
read or exploit DES, and it had the advantage 
of a standardized tested algorithm. The AMD 
DES chip was capable of 1.7 Mbytes/sec, so 
that it could be used for disc controllers. 
It cost $75 for a single unit. 


(U) Another paper at the cryptographic 
meeting was an Italian scheme by CSELT for a 
"robust'* 4800-bps speech coder. Audio tapes 
showed it to be resonant and of low quality. 
The paper did not seem to offer any Important 
new work. However, the topic of speech coding 
and other compression coding was treated at 
five other sessions. There were 31 papers on 
voice and image compression, of which 16 were 
by foreign authors. The sessions were: 


[] 

A8 

: Low bit rate speech coding 

[] 

B6 

: Image processing 

[] 

D4 

: European videoconferencing 

[] 

E6 

: Advances in speech coding 

[] 

F7 

: Speech processing 


(U) The interest in compressed speech in 
sessions A8, E6, and F7 was initially to allow 
narrowband encrypted voice signals. Now a 
number of other applications, including low- 
cost bandwidth conservation and interim 
storage of voice, have emerged from the capa¬ 
bility to compress speech. 

(U) The interest in compressed video is for 
both teleconferences and private TV broadcasts 
(e.g., Pay-TV, TV relay by satellite, and 
Direct Broadcast Satellites (DBS)). The com¬ 
mon carriers and the broadcasters both see 
commercial advantages in being able to send TV 
signals that can be securely encrypted. 
Because blts/sec cost money, the customers 
want the pictures compressed. 


(U) In Europe there is a multinational 
effort to develop a standardized videoconfer¬ 
ence system, with a standard video coder. 
Some of this is for satellite applications, to 
thwart interception, but most of it will 
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probably pass overland on radio relay and opt¬ 
ical fibers, The compression allows cheaper 
conferences and security, and the standardiza¬ 
tion will allow the Europeans to intercommuni¬ 
cate and keep US companies out of the equip¬ 
ment market. 


(U) There are now hundreds of papers pub¬ 
lished on vocoders, fax coders, encryption, 
video coding, etc. Many of the papers are 
foreign, but the Europeans in particular have 
been handicapped in the speech area, for exam¬ 
ple, by the lack of specialized journals which 
consolidate the work. As as result, they look 
to the US journals, especially the IEEE publi¬ 
cations, as the focus of the current work. 
This also makes it difficult for US parties to 
keep up with the foreign work because it is 
spread across a number of journals and is 
often .published in German, French, Italian, 
Swedish, Japanese, etc. However, the foreign 
literature is growing, and will become a more 
important source of new work in cryptography 
and coding. 


(U) The Europeans, arriving on the scene 
after the US has identified the problems and 
paid for the basic research, will be able to 
converge on coding and encryption standards to 
serve many of their PTT plans, without the 
competition, confusion, public controversy, 
and divided purposes that have arisen in the 
US in both Government and civil coding and 
encryption. By the end of the decade, they 
may have passed the US in these fields, just 
as they have surpassed the US in a number of 
other selected technologies and industries. 
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Digital Telephony 
by John C. Bellamy, Wiley, 1982. 


(G) - Is "plesiochronous'*a familiar word? It 
soon will be, if you are concerned with inter¬ 
national digital networks. A plesiochronous 
network does not synchronize the network, but 
merely uses clocks at each node that are accu¬ 
rate enough to keep the bit slip rate low 
enough not to interfere with operation. The 
US domestic digital network is synchronized, 
to save the cost of the node clocks, but the 
CCITT has established clock standards to 
interface different national networks by 
plesiochronous gateway connections. Because 
the national networks run at slightly d if- 
ferent rates, | ~1 

COMSEC will^ have to anticipate this 
plesiochronous struct^e.^L 4 ^ (qJ 

P.L. 86-36 

(U) Network synchronization schemes are 
just one small part of John Bellamy's new book 
on digital telephony. The author, who 
received his PhD in EE in 1971, worked as a 
manager at the Collins Division of Rockwell 
International in transmission systems, then as 
a member of the technical staff at Arthur A. 
Collins, Inc., the R&D firm that hived 
off from Collins Radio when Rockwell took 
them over. He is now an R&D manager at the 
Communications System Division of United Tech¬ 
nologies, so he has substantial practical 
experience with modern telecommunications 
engineering. It is notable that Collins 
builds digital radio equipment so well that 
Western Electric dropped some of its own pro¬ 
jects and buys from them. In addition to his 
industry experience, Dr. Bellamy has been an 
Adjunct Professor of Electrical Engineering 
and Computer Science at Southern Methodist 
University since 1976, so he is used to 
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organizing, simplifying, and teaching 
engineering technology. 


(U) His book is a well-written tutorial on 
telephony and digital telecommunication. 
Although digital transmission was developed 
with computer and data traffic in mind, the 
main traffic volume will be voice for a long 
time. Analog transmission and networks will 
also be around for a long time, but digital 
telephony is of particular interest where 
encryption is wanted (as he says on page 75) 
because of the paucity of good analog encryp¬ 
tion. 


(U) The book covers digital networks from a 
general overview of the analog network in the 
US, through voice digitization algorithms 
(PCM, DPCM, APC, vocoders, etc), fundamentals 
of digital transmission, switching and multi¬ 
plexing , through digital modulation, network 
synchronization and control, to high-level 
descriptions of several digital networks and a 
discussion of the future of digital telephony. 
Among other things, the book has a 16-page 
glossary of pertinent terms, such as burst 
isochronous, Centrex service, despotic net¬ 
work, elastic store, HDB3 code, justification 
ratio, mesochronous, muldem, permanent virtual 
circuit, plesiochronous, robbed digit signal¬ 
ing, state store, transhybrid loss, traveling 
class mark, and waiting time jitter. These 
terms are indispensable refinements in edu¬ 
cated discussions of networks. (This glossary 
will soon be in the NSA terminology base). 


(U) Some points of interest in the book: 

[] One of the principal difficulties in mak¬ 
ing the large telephone network operate is 
the variety of signals and signaling func- 
'tions, all of which have to be translated 
by interfaces or made compatible. 

[] Common Channel signaling in the Bell Sys¬ 
tem is highly centralized, making the 
entire network vulnerable to failures in 
the CCIS packet traffic. 

(] If a CCIS node fails to store and forward 
certain network information correctly, the 
network will gradually lock up because 
disconnects do not occur automatically, 

[) Digital microwave radio is cheaper than 
T-carrier for distances as short as eight 
miles, and the major impetus for digital 
radio has been the introduction of digital 
switches, not the demand for digital 
traffic, which can pass over the analog 
network. 


[] Fifteen different types of digital cen¬ 
tral office switches are in service in the 
US, and more are expected as foreign sup¬ 
pliers enter the US market. The disadvan¬ 
tages of digital networks are increased 
bandwidth, A/D and D/A conversion, time 
synchronization, topologically restricted 
multiplexing, and incompatibility with the 
large analog plant. 

[] Voice digitization, nominally 64,000 bps, 
can be as great as 400,000 bps for spe¬ 
cialized services such as broadcast trans¬ 
mission. 

[] About ten different speech coding schemes 
are described. 


(U) In the chapter on digital switching, 
the advantage of time-domain switching is 
shown to be the ease of getting switches that 
don't suffer from blocking. There is quite a 
lot of information in the switching chapter- 
The chapter on network synchronization exam¬ 
ines many of the timing problems and the solu¬ 
tions such as bit slips, elastic stores, pulse 
stuffing, and packetization. The chapter on 
digital networks leads from ARPANET to the 
ISDN (integrated services digital networks). 
Circuit-switched nets are shown to be more 
efficient for voice transmission than packet- 
switched nets, but digital speech interpola¬ 
tion can increase the effective number of 
channels on a trunk if the circuit switching 
is fast enough. Current circuit switching can 
operate fast' enough so that even the begin¬ 
nings of syllables are not lost. The final 
chapter is on traffic analysis, as the traffic 
engineers and designers do it. 


(U) The book is well written and well 
illustrated, with references and exercises. 
Because of the integration of transmission and 
encryption, as well as the continuous growth 
and switchover into digital networks in every 
country, a knowledge of the engineering and 
technology of digital networks will be an 
essential part of a cryptologic repertoire. 
Bellamy's book is a good beginning to this 
knowledge. The enciphered speech crypt- 
analytic experts in R52 ordered desk copies 
after reviewing the book. 


(U) Summing up. Digital Telephony is 
timely, gives good coverage of digital net¬ 
works, and should be a useful text and refer¬ 
ence for some years. It costs about $50. 
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Jun 76 An Evaluation of a Scientific C hinese 
Machine Translation j ; \\ j 

Management 

Aug 74 Golden Oidie: The Managetifient Survey of 
the Philharmonic; 

Sep 77 Knowledge Resource Managbriierit kt NSA; 
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I 


Messages 
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Microfiche Readers at/WSA; Snow D. 

Dec 77 Co nversation With a Micrographics 
Piomeer; | 


May 83 * CRYPTOLOG * Page 23 


P.L. 86-36 


GBOnHT 


HANDLE VIA COMINT OIIAffl i HLC ONLY 





























OCID: 4009861 


B,.L. 86-36 


Oct 78 Back to Square Onel:|_ \ 

Oct 78 Reduction Ratios in Micrographics; 
Snow D. 
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Oct 79 Snowballs On The Roof; Filby 

Apr 80 What To About 'FAnx'; | \\ 1 

May 82 The tJSA Informa tion Desk; 'No 
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Professi onalization of Goiintry Spebiblibts; 


Jun 75 Professionalizing 


injComputer Systems; 


Apr 77 Some Thoughts on the Russian 


Oct 78 Continuing Professionalization 


Apr 79 Fear of Testing, and What To 
it;|-^ \ 


Eto About 


Proficiency 

Aug 79 Language^Prof iciency^ Certif icbteis for 
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lug 82 What pFobiption Boarie, Want; | ' 

Publications 

Jan 75 The S IGINT Users' Handbook or;: What's 
an ISHTARYi F ~l v 

May 76 About the NSA SlGINi? Supnary;^ Hunt W. 
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The Intelligence Watch Officer (U) 



H ant an interesting job? Do you want 
M M V to be busy-some times too busy to 
■ eat even when you've brown-bagged? 

If you are interested in current 
(U) events and want to know what is 
going on in the world or yhat is going to hap¬ 
pen next, you may be interested in the Intel¬ 
ligence Watch Officer (IWO) position in the 
National SIGINT Operations Center, 


(U) The author served as Intelligence 
Watch Officer on Team 3 (P33) in NSOC from 
September 1981 to January 1983, 
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(U) During non-regular duty hours, the IWO 
acts for T5 in receiving and responding to 
requests for information from NSOC, field 
sites and 24-hour NSA work areas. The IWO 
attempts to answer all requests instead of 
referring them to a day shop for action. This 
frequently necessitates trips to the NSA Geog¬ 
raphy and Map Library, the Main Library, or to 
Central Research to research and retrieve a 
map or citation to answer the query. The IWO 
has a one-way pager to carry when away from 
NSOC for any length of time—he maintains con¬ 
stant contact with NSOC when necessary to 
receive new requests or operational require¬ 
ments. 


(U) If you are interested in more informa¬ 
tion on the rntelligence Watch Officer posi¬ 
tion in NSOC, contact T5, x3265s. 

EO 1.4.(c) 
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T he traffic analyst finds himself 
turning to data systems because he 
often has mountains of data to exam¬ 
ine, because the people who receive 
(U) TA results usually want their infor¬ 
mation very rapidly, and because almost all 
the data the traffic analyst wants to see is 
already inside a computer somewhere. 


This paper was presented at the November 
1982 Meeting of CISI. 


THE PROLOGOE IS PAST 


(U) I might be well to begin with a little 
history, or at least history as I remember it. 

(U) Most traffic analysts who try to look My first recollection of what we now call data 

at data systems develop a kind of schizo- systems was a ' lot of 80-column cards and a 

phrenia. On the one hand, the TA data that card sorter. That was about 35 years ago. 

comes in today has to be processed and Watching those cards go through that sorter 

analyzed today because there will be another was rather hypnotic. The possibilities seemed 


batch of data coming in tomorrow. This means 
that the traffic analyst has to use today' s 
data system to handle today's data. On the 
other hand, it does seem to us traffic 
analysts that data systems people would much 
rather talk about tomorrow's system—the one 
that isn't here yet, the one that won't have 
all these glitches and problems that today's 
system has. 


(U) The traffic analyst who is in the 
trenches on a current operational problem 
would easily trade all the glowing promises of 
some brighter tomorrow for a quick fix on some 
of the glitches in today's system that will 
keep him from bleeding to death right now. 
That isn't my subject today—I really want to 
talk about the future. But as I thought about 
standing up here in front of all you data sys¬ 
tems people, I couldn*t resist putting in a 
plug for the working traffic analyst; he needs 
your help, both today and tomorrow. 


limitless then—if we could only find a cheap 
and easy way to get the data onto the cards. 
I think the equipment was called Electronic 
Accounting Machines (EAM), and the people who 
supported the traffic analysts were called 
Methods Analysts (in the 1940s and early 50s), 



(U) Since our data consisted of a matrix 
with 80 columns and many rows (one row for 
each card), our output consisted of that same 
matrix with its columns and rows transposed in 
some way. Later, we added the ability to look 
up words or strings in a dictionary and insert 
the result back into the matrix. 


May 83 * CRYPTOLOG * Page 36 













DOCID: 

I 


4009861 



OBORBfP OrORB 


(U) Many years and computer systems later, 
in the mid-1960s, this was still the primary 
data systems support to traffic analysts; a 
transposed matrix (now often wider than 80 
columns) with a dictionary lookup. There were 
attempts to go beyond this. Most of the 
things we tried were made to fit one specific 
problem, and never developed into general TA 
tools. We developed ponderous, monolithic 
record formats whose structure provided a spe¬ 
cial place for each variety of data we thought 
we would find in the traffic. What I remember 
most vividly are long, soporific meetings 
where all we ever seemed to talk about was 
what format the data was going to be in. We 
spent untold amounts of energy and resources 
getting all of our data into these unyielding, 
user-murky systems, and there was often little 
energy and resources left over to develop any 
user-friendly output . 


(U) It is still possible, even today, to 
see analysts sitting down with computer output 
and handlogging data from that computer output 
onto a form for their own personal use. In at 
least two areas, one might then see that same 
handwritten log being used a little later to 
punch cards for further computer processing! 


WHAT IS THE TRAFFIC ANALYST TRYING TO DO? 


(U) The traffic analyst is trying to draw a 
picture of his communications target. He usu¬ 
ally wants this picture to show how his target 
looks when it is operating normally. Once he 
knows what his target's normal behavior is, 
then he is in a position to detect variations, 
and report them to intelligence consumers. 


CONTINUITY 


(U) The result of this, in many areas, was 
that the output received by the traffic 
analyst was not much more bhan his original 
raw traffic, transposed both horizontally and 
vertically, and with some information added 
through dictionary lookup processes. 


LONG THIN MATRIX 



The form in which the output was delivered to 
the analyst was often decreed by someone 
remote from the analyst—someone who never had 
to actually live with the output—and it was 
rarely if ever changed to fit the current 
needs of the local problem or individual 
analyst. 


(U) Traffic analysts are usually looking 
for something they call continuity. When 
faced with a target that has daily-changing 
callsigns, the traffic analyst seeks to learn 
which of today's callsigns matches what 
callsign used yesterday. 



CONTfwuiry 


DATE.* _±. 

%r*j X : Aac. btF G-Hl .. . 
sta3 » : . 


If I can say that the station that used 
callsign ABC on the first day is the same sta¬ 
tion that used callsign DEF on the second, 
then I can say that DEF (on the 2nd day) is 
continuity of ABC (on the 1st). On the third 
day, if I can say that GHI was used by that 
same station, then I can add GHI (on day 3) as 
another link in a growing chain of continuity. 
Many of our TA targets do change their 
callsigns, frequencies, addresses, and other 
features on a regular basis. They do it to 
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make collection and identification more diffi¬ 
cult, and it is the job of the traffic analyst 
to defeat these changes by the development of 
continuity. 


TWO KINDS OP TRAFFIC ANALYSIS 


(U) There are two forms of traffic analysis 
on most problems: development and maintenance. 
To borrow an example from cryptanalysis, the 
attack against a cipher system often goes 
through two phases: 

[] first, diagnosing and recovering of 
the general cipher system, and 

[] second, exploiting and processing the 
recovered system, which often involves 
solving daily keys or settings. 

So too, in traffic analysis, one can consider 
that there is a development (or recovery) 
phase and a maintenance (or exploitation) 
phase, which may or may not include product 
reporting. However, in traffic analysis, the 
two phases often occur at the same time. 


(U) In some ways, the traffic analysis pro¬ 
cess resembles a spreading oil blot. Out on 
the edges, new target territory is being con¬ 
quered; new target communications structures 
are being discovered and cataloged; new 
methods of identifying and distinguishing 
various communications are being developed. 
But back in the central part of the oil blot, 
the territories previously conquered must be 
kept track of; the continuity of target com¬ 
munications structures previously recovered 
must be maintained. 


OIL BLOT 



Maintenance 


center 


(U) The more territory one conquers, the 
thinner the center of the oil blot becomes. 
The more communications structures one recov¬ 
ers, the more continuities there are that now 
must be kept track of. As the maintenance 
effort grows, it will use more of the avail¬ 
able resources, draining them away from the 
recovery part of the effort, and at some point 
it will have absorbed enough of the resources 
so that a point of "no growth" is reached and, 
for all practical purposes, recovery of new 
structures stops. If expansion doesn't stop, 
the center of the oil blot will break; if 
development doesn't stop, the maintenance 
effort will fall behind and begin to lose 
track of continuities, which will then have to 
be discovered and developed all over again. 
This tension over resources between mainte¬ 
nance and development is similar to the one 
between software maintenance and software 
development. 



(U) Sometimes the personality of the 
manager plays a part in just where this point 
of "no growth" takes place. Some managers are 
more at home in the settled, stable atmosphere 
of the center, where things don't change much 
from day to day. These managers tend to con¬ 
centrate their attention on building a 
smooth-running system at the center, and may 
put a larger proportion of their resources 
into that area, so that the "no growth" point 
is reached more guickly. Other managers 
thrive in the rough and tumble frontier atmo¬ 
sphere out on the edges of the problem, where 
each day is likely to bring some new and dif¬ 
ferent challenge. These managers tend to con¬ 
centrate their attention on the recovery 
effort, sometimes at the expense of the more 
humdrum maintenance. 
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TRAFFIC ANALYSIS GOALS 



REPORTING 


(U) Some traffic analysis problems have a 
lot of potential for reporting—for providing 
the intelligence consumer with a blow by blow 
account of what the target is doing. Targets 
that involve ships and aircraft often have 
this potential because they move around from 
place to place, and the analysts often find 
much of their time taken up with reporting 
which ships and aircraft were active today, in 
what areas and performing what missions. 
Where this reporting potential is high, it 
tends to draw off resources from both develop¬ 
ment and maintenance. Managers whose problems 
have a strong reporting emphasis (especially 
time-sensitive reporting) will generally try 
to pull resources from development rather than 
from maintenance, because losing the continui¬ 
ties means losing the raw material for the 
reporting effort. Losing the development 
effort is generally seen as the lesser of two 
evils. 


(U) From the standpoint of the two kinds of 
traffic analysis—development and maintenance 
—we can express the general goals in the fol¬ 
lowing ways: 


TA DEVELOPMENT GOALS 


(U) We rarely collect or analyze all of the 
communications of any given target. We are 
almost always working on a sample of the tar¬ 
get. At any given time, there is some residue 
of the target that we do not maintain con¬ 
tinuity on, and bits and pieces of that resi¬ 
due find their way into our unidentified or 
search pile—the file of incoming traffic 
which looks as if it belongs to our target but 
doesn’t exactly fit any of our known continui¬ 
ties. Development TA concentrates on that 
pile, trying to dig out new target nets and 
continuities. This unidentified pile is 
almost like "background noise"; it is always 
there, whether we talk about it or not. If we 
are still growing (if the oil blot is still 
expanding) , then our development goal is to 
dig more of the target out of the unidentified 
pile. If we have reached the ”no , growth" 
point, then our development goal is to be able 
to recognize and develop any new communica¬ 
tions that the target might put on the air — 
communications that ought to stand out against 
the "normal noise" in the unidentified pile. 


TA MAINTENANCE GOALS 


(U) During the maintenance phase, we want 
to be able to hang on to the continuity that 
WG have already recovered. We want to do 
this: 

f] to support whatever analysis efforts 
are currently engaged on the target 
(such as cryptanalysis, language, 
reporting, etc.), and 

[] to support whatever collection effort 
is working against the target. 


(U) To do the first support requirement 
(U) As an aside, I should say here that the properly, we need to be able to correctly dis- 

reporting side of traffic analysis is gen- tinguish and identify each of our continuities 

erally well ahead of the technical side in the as the traffic arrives at the point of 
use of computers. Since my primary interest 
in this paper is the working-level traffic 
analyst, I will be concentrating on the tech¬ 
nical side, and I do not propose to discuss 
the reporting aspects of TA except as they 
touch on the technical side. 


analysis, i.e., after it has been collected. 
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HOW CAN COMPUTER POWER BE APPLIED 
TO THE TA PROBLEM? 


(3 " GC0) In order to consider how the power 
of the modern computer might be applied to 
traffic analysis, we need to look at the model 
of TA that emerges from these two phases; 
development TA and maintenance TA. Although I 
have described them as if they were distinct 
and separate, they really ought to be thought 
of as a conjugate pair, because they tend to 
occur together on most problems. It is also 
possible for certain problems to be best 
described as a hybrid of these two forms : dur¬ 
ing the war in Vietnam, one out of every three 
pieces of intercepted traffic was unidenti¬ 
fied , largely because of the rapidly-changing 
nature of the target. The point I want to 
leave with you today is that any attempt to 
provide the traffic analyst, either here in 
this building or anywhere in the world, with a 
Traffic Analysis Workbench System must reckon 
with the fact that the problem he is working 


will always be some mixture of thes^ two forms 
of traffic analysis. We also need to consider 
that a TA problem can quickly change from one 
form to the other. 



We decided to see if we couldn't find a 
way for computers to help us with the more 
stable maintenance problem. I remember spend¬ 
ing several weeks laying out the logic and 
processes on the problem. And I remember 
being told, at the end of the project, that 
there wasn't nearly enough memory available to 
do what I needed. 



MAINTENANCE 

DEVELOPMENT 

Problem type ; 

continuity-keeping 
bookkeeping 
"Anything changed?" 

continuity-seeking 
pattern searching 
"What's new?" 

How dynamic? 
Foreknowledge : 

State of solution: 

slowly changing 
high 
''solved 

rapidly changing 
low 

*unsolved 

Control: 

Interaction: 
Techniques: 

semi-automatic 

human-efficient 
target specific 
knowledge-based? 

hands-on 
human-intensive 
human specific 
"mlx-n-match" 

Worst case: 

"below the salt" 

start from scratch 


A COMPARISON OF TWO FORMS OF TA 
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A COMPARISON OF WO FORMS OF TA 


(U) Let's look at these two forms of TA a 
little more closely. How do they compare when 
we look at them frcan the viewpoint of provid¬ 
ing today's (and tomorrow's) traffic analyst 
with a computer support toolkit, while using a 
terminal workstation in an NSA worldwide net¬ 
working environment? 

(U) In development TA (the garrison commun¬ 
ications in our example), we have a bookkeep¬ 
ing problem, 

[] where the emphasis is clearly on keep¬ 
ing track of a lot of known continui¬ 
ties? 

[ ] where we expect the changes in the 

target characteristics to be rela¬ 
tively modest; 

[] where the technical means of keeping 

up with the target {i*e,, callsign and 
frequency systems, address tables, 
etc.) are largely solved or under¬ 
stood; and 

[] where we have good prospects of being 
able to project the appearance and 
behavior of the target from day to 
day. 

(U) In development TA (the training commun¬ 
ications in our example) , we have a pattern¬ 
searching problem, 

(1 where the emphasis is on sifting 
through masses of low-yield ore, look¬ 
ing for something that forms a con¬ 
tinuity; 

[1 where the next success may look noth¬ 
ing like the last one; and 

[] where the chances of finding that nee¬ 
dle in the haystack may depend as much 
on the personality of the searcher as 
on the content of the haystack. 

If we can't keep continuities, (i.e., ate not 
able to) , then the . target stays in the 
development phase, no matter how much we know 
about it. Someone once said that TA continui¬ 
ties take either 95% of our resources, or 5%. 
That number may not be right, but the idea is. 
Being able to keep track of the continuities 
is the key to whether the problem is develop¬ 
ment or maintenance in nature. A daily¬ 
changing callsign system looks to us as if it 
is rapidly changing if we haven't solved the 
system, but once the system is solved, we then 
perceive it to be slowly changing. It is a 
matter of viewpoint. 


(U) In maintenance TA, we work largely with 
what the target gives us. A package of tech¬ 
niques to grapple with a callsign system may 
work well enough on a problem where the 
callsigns are the key to our keeping track of 
continuity, but may be almost useless on 
another problem where the callsign system 
isn't solved and we must rely on other things, 
such as serial numbers or eiddresses, 

(U) In development TA, on the other hand, a 
particular technique may pull one new struc¬ 
ture out of the search pile and then never 
again find anything. The development analyst 
may need to continually devise new attacks and 
new methods; to him, the search pile is a 
featureless mass and it is his job to sort out 
the various pieces and find ways to distin¬ 
guish one piece from another with some relia¬ 
bility. 

(U) The maintenance TA problem probably 
needs a package that will 

[] look over the incoming material for 
the day; 

[] make reasonable guesses about con¬ 

tinuities (including garbles); 

[] flash a warning light at the traffic 

analyst when things look very wrong or 
when it is confused by something; and 

[] provide a clean and readable summary 
of its results to the analyst for 
review. 

It ought to keep up with both short-term and 
long-term trends, and should be especially 
attentive about "missing persons," portions of 
the target which haven't been seen for a 
while. 

(U) The development TA problem, on the 
other hand, needs a toolkit that will provide 
the analyst with a range of diagnostic, compu¬ 
tational, and pattern-searching techniques 
that can be brought to bear on the problem, in 
whatever mix the analyst needs at the moment. 


WORST CASE 

(U) I have shown what might be called the 
"worst case" for each of these forms of 
traffic analysis- 

(U) In maintenance TA, one sometimes finds 
that a problem must somehow be worked, but 
that it has no real resources and not enough 
clout to get any. Now, in the best of all 
worlds, where everything is done right and for 
the right reasons, such problems should not 
exist. If a problem is worth working on at 
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all, it is worth the resources needed to get 
the job done. However, in the real world, 
those problems that ace "below the salt" will 
always be working with whatever support they 
can beg, borrow, or scrounge. Providing a 
general package for such problems would pay 
for itself a hundredfold in the first few 
years. At the minimum, package needs to be 
able to "ring an alarm bell" when the target 
starts to disappear, or becomes nvore active, 
or changes in some other way. 

(fl-eco) In development TA, the worst case 
might be the situation where nothing is known. 
That is not as uncommon as some people might 
think. [ 

_I When 

we pull together an analysis effort for a sud¬ 
den war or brushfire, the analysts are usually 
drawn from other problems around the building; 
it would be nice if they didn*t have to add 
"learning a new system" to all the other prob¬ 
lems they will face on the new target. There¬ 
fore, the toolkit for such situations must be 
quite general and all-purpose. 


TWO SYSTEMS OR 0HE7 

(U) What I have been describing so far may 
sound like two different systems, but what I 
am proposing is one system, with two parts. I 
have already said that these two phases or 
aspects of TA occur together, and I should add 
that on more than one problem, they are fre¬ 
quently done by the same people. New con¬ 
tinuities are recovered by the develc^ment TA 
process, and then handed over to the mainte¬ 
nance TA effort to be kept track of. Informa¬ 
tion is often derived by the maintenance 
effort that will help the development effort. 
What the traffic analyst needs is one system 
that has enough flexibility for him to move 
whichever way his TA problem takes him. It 
would also be useful if the language we use is 
one that isn’t going to change every few years 
becau se some equipmen t in the baseme n t is 
being upgraded. 


PINSETTER 

(U> Several years ago, we began to work on 
the concept of a Traffic Analysis Workbench 
System, with the covernaTne PINSETTER. Some of 
what I have described here comes out of that 
experience. PINSETTER has been described 
elsewhere, so I will not spend time on it 
here. However, I will share with you some of 
my personal conclusions about PINSETTER, espe¬ 
cially those which seem to be pertinent to the 
future. 


(U) There are aspects of traffic analysis 
wh ich resemble word processing, and a good 
screen editor seems to go a long way toward 
putting the analyst in contact with his 
traffic, letting him rearrange it and touch up 
the rough edges and garbles the way he (the 
owner) wants them. It lets him look at the 
data before he decides what processing to 
apply to it. It also puts him in a good posi¬ 
tion to generate reports about his problem, 
especially the technical reports with techni¬ 
cal data embedded in narrative text. 

(U) A good toolkit, similar to UNIX and the 
PINSETTER extensions, is invaluable in provid¬ 
ingthetraffic analystwith the ability to 
tailor-make his own flexible processes f6t ^ 
large scale manipulation of his traffic. P-L. 

(U) Many of the practical results of PIN¬ 
SETTER, results that found their way into 
daily applications on specific targets, were 
not limited to traffic analysis. It became a 
regular occurrence to hear people from other 
cryptologic disciplines tell us that much of 
the UNIX/PINSETTER package for traffic 
analysts was what they needed, too. 

PROBLEMS THAT NEED SOLVING 

(U) Among the many problems that need to be 
solved, I would like to mention two. Both of 
these are areas that are critical to the 
future TA Workbench System. 

ARCHIVES 

(U) Some of our continuities form chains 
that stretch back to the end of World War II. 
One of the things that Data Systems people 
don’t like to hear is that we need storage for 
data whose lifetime must be measured in years, 
and perhaps decades. Some years ago, there 
came a time when all of our incoming data went 
solely into the computers in the basement. It 
was the culmination of the dreams of a number 
of people: to take the raw traffic away from 
the analyst! I don’t challenge that decision. 

It is history. But I must say that on many TA 
problems around the agency, there are no good 
records on our known continuities from that 
date forward, unless there were analysts still 
keeping some sort of hand records. The philo¬ 
sophy on most computer hosts is that any 
records not accessed within some period (usu¬ 
ally a year or less) are taken off the system. 

(U) Even if the data is put onto tape, the 
medium will deteriorate. Once on tape, the 
data is "out of sight and out of mind." The 
software that understands that data will 
sooner or later disappear or be "improved." 
Nevertheless, the analysts on that problem are 
still responsible for that period of time, and 
may still have to field questions about their 
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targets for that time period. So far, we have 
dodged this bullet, but sooner or later we 
will have to face the need for long term 
archives. 


INFREQUENT USE OP PROCESSES 

(U) The second problem involves the ques¬ 
tion of software that is only infrequently 
used. For example, suppose that one of our 

larger targets has a major communications 
change every five or six years. The effect of 
this change is so great that it interrupts 
intelligence reporting on that target until 
the new communications structures are under¬ 
stood and recovered. Each time the change 
occurs, an intensive effort is therefore 
mounted to recover our continuities in the 

shortest possible time. 

(U) In the old days, when the special 

effort was over, everything was bundled up and 
packed away for retrieval when the next change 
came along. But how do we handle this now 
that we have modern data systems support? 
After five or six years, how much of the 

software is still useful? Chances are that 
the data base has been changed, as well as the 
host on which it resides. 

(U) Another example might be the diagnostic 
techniques to attack a particular kind of 
callsign system. Once the system in question 
is solved, how should we preserve the software 
so that it doesn't need to be reinvented the 
next time such a system is encountered? Sup¬ 
pose we don’t find a similar system for five, 
or six, or even ten years? 


CONCLUSION 

(U) I don't offer either my observations or 
my experiences as criticisms, but rather as 
areas of traffic analysis support which need 
to be solved. I have tried to avoid mention¬ 
ing specific hardware or software, except as 
examples. A man named Bob Biles taught me 
long ago that users should never tell computer 
people what equipment to use. 

(U) Perhaps traffic analysis has lagged 
behind other cryptologic disciplines in making 
full use of modern data systems. But that is 
changing, thanks to the patience, ingenuity, 
and hard work of many of you here today. I 
still keep a supply of pencils around, and l 
still have a pencil sharpener on my desk—but 
I have noticed that I don't really use them 
very much any more. 


Dear Editor; 


(U) In sympathy with countless NSAers who, 
through the years have been antagonized, baf¬ 
fled, challenged, demoralized, etc., by count¬ 
less forms of human and machine language (not 
to mention the devil's own creation, govern- 
mentese) , I propose that our new OPS Bulding 
2A be christened—at least informally—"The 
Tower of Babel"I 

JOHN J. MOLLICK, B41 

[Editor's Note; In keeping with the tradition 
of naming the streets, auditoriums, etc., in 
the NSA complex after outstanding individuals, 
we could always claim that the building 
had been named after the late, lamented Mabel 
Babel (19??-1979), one of the Agency's 
foremost linguists, who spoke fluent govern- 
mentese as her native tongue. Her classic 
work, A Governmentese-English , English- 
Governmentese Dictionary (now out of print), 
is still the classic work in the field.] 



P>L. 8 6-36 

SOLUTION TO NSA-CROSTIC No. 46 

I I Memo from the Editor [of CRYPTO- 

LOG to CRYPTOLOG’S Puzzle Editor] 

"Our Jan-Feb issue will be devoted to the CISI 
Essay Contest. It would be useful to have a 
puzzle that has data systems as a base, if you 
can find a suitable text. Also, I have been 
contemplating running an April Fool issue. 
You might be thinking about that..." 
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N.S. Norway (1889—1960) was an aero¬ 
nautical engineer, active during the 
pioneer days of British aviation. He 
was also a prolific novelist. Many 
of his best works are set in the 
country which became his post-WWII 
home. Mr. Norway is Word V in this 
puzzle. 
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